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Amendments to the Claims: 

This listing of claims will replace all prior versions and listings of claims in this 
application. Added text is indicated by underlining , and deleted text is indicated by 
strik e through . Changes are identified by a vertical bar at the left edge of text. 

Listing of Claims: 

1-14. (canceled). 

1 15. (previously presented) An access control management method according 

2 to claim 32 wherein a MAC address is obtained from said host computer by adoption of a 

3 protocol based on an iSCSI text mode negotiation. 

16-22. (canceled) 

1 23. (currently amended) A storage system for processing a command 

3 n e twork , said storage system comprising: 

4 a storag e unit for storing data to b e proc e ssed in acoordaneo with oaid command; 

5 a m e mory for holding an acc e ss manag e ment tabl e for storing first information on 

6 id e ntification of said host computer; 

7 a storage apparatus to which the host computer is connected by a network and 

8 which stores data to be processed in accordance with said command; 

9 means for receiving an iSCSI login request transmitted from the host computer; 

1 0 means for determining a first determination whether or not a source address 

1 1 | included in an IP header of the iSCSI login request is an IP address in the same segment network 

12 as a port of the storage apparatus; 

13 means for obtaining a MAC address assigned to the port of the host computer 

14 when the source address included in the IP header is not an IP address in the same network as the 

1 5 port of the storage apparatus as a result of the first determination; 
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16 means for determining a second determination whether or not the MAC address 

17 has been cataloged in an access management table that defines the MAC addresses identifying 

18 | the host compute r by IP address ; 

1 9 means for approving an access by said iSCSI login request from the host 

20 computer to the storage apparatus when the MAC address has been cataloged in the access 

21 management table as a result of the second determination; 

22 means for determining a third determination whether or not a logical unit (LU) 

23 specified by the command has been cataloged in the access management table as the LU 

24 | associated with the source IP address of a frame including included within the command; 

25 means for performing said second determination and said third determination in 

26 accordance with a source MAC address in the frame of thejSCSI login request sent from said 

27 host computer and cataloged in said access management tabl e when th e sourc e IP addr e ss of the 

28 iSCSI login r e qu e st is in the same segm e nt as th e port of its storage apparatus according to said 

29 first determination ; and 

30 means for accessing the LU to process the command when said LU has been 

3 1 cataloged in the access management table as a result of the third determination. 

1 24. (currently amended) A storage system according to claim 23, wherein a 

2 command r equest is given to a SNMP manager that transmits a request to the host computer to 

3 acquire an-MI B a Management Information Base data for the source IP address included in the 

4 iSCSI login request to obtaining obtain the MAC address. 

1 25. (previously presented) A storage system according to claim 23, wherein a 

2 MAC address is obtained from said host computer by adoption of a protocol based on an iSCSI 

3 text mode negotiation. 

1 26. (previously presented) A storage system according to claim 23, further 

2 comprising: 

3 a control memory for recording log data that the iSCSI login request has been 

4 made from a port of another network when the source address included in the IP header were not 
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5 the IP address in the same network as the port of the storage apparatus according to said the first 

6 determination means. 

1 27. (previously presented) A storage system according to claim 24, further 

2 comprising: 

3 means for determining whether or not a predetermined time has lapsed without a 

4 response received from the host computer, wherein said second determination is performed if the 

5 storage apparatus receives an SNMP response to a SNMP request to the host computer without 

6 causing a timeout. 

1 28. (previously presented) A storage system according to claim 23, further 

2 comprising, 

3 a control memory for recording log data indicating that the access from said host 

4 computer has not been approved therein, 

5 wherein processing of the command is not carried out if the requested access is 

6 determined to be a disallowed access to the LU by the third determination means. 

1 29. (currently amended) An access control management method for 

2 processing a command comprising an access request transmitted by a host computer to a storage 

3 apparatus by way of a network, said access control management method comprising the steps of: 

4 receiving an iSCSI login request transmitted from the host computer; 

5 determining a first determination as to whether or not a source address included in 

6 | an IP header of the iSCSI login request is an IP address in the same s e gment network as a port of 

7 the storage apparatus; 

8 obtaining a MAC address assigned to the port of the host computer when the 

9 source address included in the IP header is not an IP address in the same network as the port of 

1 0 the storage apparatus as a result of the first determination; 

1 1 determining a second determination as to whether or not the MAC address has 

12 been cataloged in an access management table that defines the MAC addresses identifying the 

13 I host compute r by IP address ; 



Page 4 of 13 



Appl. No. 10/765,289 PATENT 

Amdt. dated June 6, 2008 

Reply to Office Action of March 20, 2008 

14 approving an access by said iSCSI login request from the host computer to the 

1 5 storage apparatus when the MAC address has been cataloged in the access management table as 

1 6 a result of said second determination; 

1 7 determining a third determination as to whether or not a logical unit (LU) 

1 8 specified by the command has been cataloged in the access management table as the LU 

1 9 | associated with the source IP address of a frame including included within t he command; 

20 performing said second determination and said third determination in accordance 

21 with a source MAC address in the frame of iSCSI login request sent from said host computer and 

22 cataloged in said access management table wh e n the source IP address of the iSCSI login r e qu e st 

23 is in th e sam e s e gm e nt as th e port of its storag e apparatus according to said first d e t e rmination ; 

24 and 

25 accessing to the LU to process the command when said LU has been cataloged in 

26 the access management tables as a result of the third determination. 

1 30. (currently amended) An access control management method according to 

2 | claim 29, wherein a command request is given to a SNMP manager that transmits a request to the 

3 host computer to acquire an MIB for the source IP address included in the iSCSI login request to 

4 | obtaining obtain the MAC address. 

1 31. (previously presented) An access control management method according 

2 to claim 29, wherein log data that the iSCSI login request has been made from a port of another 

3 network is recorded in a control memory if the source address included in the IP header were not 

4 the IP address in the same network as the port of the storage apparatus according to said the first 

5 determination. 

1 32. (previously presented) An access control management method according 

2 to claim 30, further comprising: 

3 determining whether or not a predetermined time has lapsed without a response 

4 received from the host computer, wherein said second determination is performed if the storage 
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5 apparatus receives an SNMP response to a SNMP request to the host computer without causing a 

6 timeout. 

1 33. (previously presented) An access control management method according 

2 to claim 29, wherein log data indicating that the access from said host computer has not been 

3 approved is recorded in a control memory and processing of the command is not carried out if 

4 the requested access is determined to be a disallowed access to the LU on the third 

5 determination. 
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